From: Alex Boag-Munroe (ajbm@ntlworld.com)
Date: Mon Nov 13 2000 - 12:29:18 PST
I agree with Colin, anything originating from a 10.x.x.x.x IP is being
blocked from the external interface.
Hashing out the line will fix the problem
Alex
On Monday 13 November 2000 19:30, you wrote:
> I am no expert at these matters but it looks like you are assigned a
> 10.200.0.x address by your ISPwhich by default is blocked from going out of
> the firewall as it is assumed to be a private network address. I may be
> barking up the wrong tree here but try hashing out this line at the top of
> pmfirewall.rules.local as below
>
> #$IPCHAINS -A input -j DENY -s 10.0.0.0/8 -d $OUTERNET -i $OUTERIF
>
> Colin
>
> On Monday 13 November 2000 6:28 pm, you wrote:
> > > Thanks to all those who answered. I will include a number of files with
> >
> > this message, but I would like to aswer a few questions posed by some of
> > the people who answered.
> >
> > > The gentleman may have his cards the wrong way around according to
> > > "standards", however, that won't be why pmfirewall isn't working
> > > surely!
> >
> > I don't think this is the problem since as I wrote, I am able to use
> > "masqstart" and this works so I think the setup script did accept the
> > **non-standard** stup. In any case, the eth0 and eth1 addresses were
> > setup automatically by the HardDrake configuration utility on Mandrake. I
> > do understand that I can manually change this, but I'm not anxious to do
> > this if possible since aside from the Firewall itself, everything else
> > (LAN, Masquerading, PPTP, etc is working and as they say
> > --- If it ain't broke, don't fix it -- :-)
> >
> > > would also be helpful if you can state, more specifically, how your
> > > connection to the ISP is setup: do you have a static IP address or do
> >
> > I connect to my ADSL provider using PPTP and the IP address is dynamic
> >
> > >to the service. The usual source of problems is that the networking
> > >interfaces are not yet up while the ipchains configuration set by the
> > >PMFirewall script is trying to locate the net configuration on the
> > >system, which is not set up yet. If you have cable and DHCP, for
> > >example, and the ISP's server is down for the moment you will not
> > >receive an IP address and if PMFirewall is set to start up at boot time
> >
> > I run the pmfirewall script manually and NOT at boot time so this is
> > probably not the problem
> >
> > >system, which is not set up yet. If you have cable and DHCP, for
> >
> > The files and outputs people asked for and a few more I thought might be
> > helpful are attached. All the outputs are in a file called net-output.
> > The rest are config files from the pmfirewall directory.
> >
> >
> > Again - thanks to all.
> >
> >
> > //-------------------------
> > Shlomo Solomon
> > E-Mail: solomon@barak-online.net
> > http://come.to/shlomo.solomon
> > Date: 13-Nov-2000 Time: 20:06:39
> >
> > Message sent by XFMail on a LINUX Mandrake 7.2 machine
> > //-------------------------
>
> ***************************************************************************
>* * To UNSUBSCRIBE from the list, send a message with "unsubscribe
> pmfirewall" * in the message body to majordomo@pointman.org. Please direct
> other * questions, comments, or problems to pmfirewall-owner@pointman.org.
> *
> * Need answers fast? Check the list archive located at:
> * http://www.pointman.org/PMFirewall/list-archive/
> *
****************************************************************************
* To UNSUBSCRIBE from the list, send a message with "unsubscribe pmfirewall"
* in the message body to majordomo@pointman.org. Please direct other
* questions, comments, or problems to pmfirewall-owner@pointman.org.
*
* Need answers fast? Check the list archive located at:
* http://www.pointman.org/PMFirewall/list-archive/
*
This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:37:44 PDT